[Signature] tab in Preferences


To open preferences, select [File] > [Various Settings] > [Preferences] from the menu.

You can change the settings related to digital signatures on the [Digital Signature] tab.

CONTENTS

Creation

ProfessionalProfessional(TS)

Default Method when signing

SKYCOM Standard Signature This is the standard method for signing with this product.
SKYCOM SECOM Passport for G-ID(通常フォルダ) CA EDITION SECOM Passport for G-ID digital signature using judicial scrivener electronic certificate file.
SKYCOM SECOM Passport for G-ID CA EDITION SECOM Passport for G-ID digital signature using judicial scrivener electronic certificate.
SKYCOM LegalSign Signature

for Legal Digital signature using Regal Co., Ltd.'s electronic authentication kit.

Invisibility Attach a digital signature to a PDF file without specifying a position.
Always used The selection method will become default from next time.

Default certificate [It is ignored depending on the signature method]

You can pre-set the certificate to be used when ‘SKYCOM Standard Signature’ is selected as the signature method.

File Use a certificate file.
Certificate Store Use a certificate installed in the PC’s certificate store or a certificate stored in an IC card.
JPKI Use My Number Card/Public Personal Authentication.
Certificate settings You can register the certificate's initial settings to be used when signing with ‘SKYCOM Standard Signature’.
Certificate settings

When [File] is selected and [Certificate settings] is pressed, you can pre-set the certificate file to be used for signing.

When [Certificate Store/IC Card] is selected and [Certificate settings] is pressed, the certificate filter setting screen will be displayed.

In the certificate filter setting screen, you can pre-specify or filter the options for the certificates to be displayed on the certificate selection screen.

This is useful if you want to reduce the hassle of selecting a certificate each time you sign, or if you want to reduce the number of certificate options that are displayed in large quantities.

Direct specification

You can specify one initial selection state of the certificate selection dialog that specifies a particular certificate from the [Certificate] list.

Also, by pressing [Try filters], you can reflect the filtering result at the time of applying the [Filter specification] setting content on the [Certificate] list of this screen and check it.

Filter specification

When selecting a certificate to use for digital signature, you can set it to display only electronic certificates that match the specified conditions.

Display the most recently issued certificate in case of duplication If there are duplicates in the filtered certificates, only the certificate with the most recent issue date (validity period start date and time) will be displayed.
Issued To You can filter by prefix match for the issued to.
Issuer You can filter by prefix match for the issuer.
Press [Specify multiple] to display a list of certificate issuers that are installed, and you can specify multiple.
Key Usage You can filter by the key usage of the certificate.
Extended Key Usage You can filter by extended key usage.
Validate digital certificates and show only available certificates. You can validate the filtered certificates and display only valid certificates.
Default You can reset the filter specification settings to default.
Export You can export the current certificate filter settings.
Installer configuration via INI file You can export the current certificate filter settings as an INI file.
If you install the exported “CertFilter.ini” in the same folder hierarchy as “SkyPDFSetup.exe” in the installer of this product and install it, you can install it with the same certificate filter settings applied.
Registry Script You can export the current certificate filter settings as a registry script.
If you run the exported “CertFilter.reg” in the environment where this product is installed, you can apply the same certificate filter settings to that environment.
  • The registry script output with [for HEKY LOCAL MACHINE] turned on requires administrator rights to run.
  • If [for HEKY LOCAL MACHINE] is off, it will be a registry script for HKEY CURRENT USER.

The format that is used to sign the document

You can select the signature format and the timestamp to be used for signing.

Signature format You can select a profile that defines the format of the signature.
PKCS#7Profile

PKCS#7 is a common format for digital signatures.

It is widely used, so it has high backward compatibility with past signatures and old applications.

CAdESProfile

CAdES is a more advanced format for digital signatures compared to PKCS#7.

It is defined in ISO32000-2 and is also suitable for use intended for long-term storage.

Unless there is a special reason, the use of the CAdES profile is recommended.

Include a signature timestamp in signature data If you check this, when you apply a signature, it will include a signature timestamp using the timestamp service set in [Timestamp to be used].
Include verification information If you check this, when you apply a signature, it will include verification information such as CRL and OCSP responses.
Out of signature data / Within signature data

For signatures compliant with ISO32000-2, it is recommended to include verification information outside of signature data.

When setting the PKCS#7 profile, it is also possible to set it to include it within the signature data. Some of our products, such as the SkyPDF7 series, included it within the signature data according to the old PAdES specification.

When setting the CAdES profile, the verification information will be included outside of the signature data.

Add an archive timestamp after signing

If you check this, after the process of applying an digital signature, the process of applying an archive timestamp will be performed automatically.

  • To achieve a long-term signature intended for long-term storage, it is necessary to apply verification information and a document timestamp. (See: Archive)
Timestamp to be used

Select the timestamp service to be used when [Include a signature timestamp in signature data] and [Add an archive timestamp after signing] are checked.

  • Please make detailed settings in each timestamp tab of Preferences.
Timestamps and verification information cannot be added unless you are in an online environment.
If you set here to include a timestamp and verification information, applying a signature in an offline environment will result in an error.

Add verification information for all signatures when saving PDF

If you check this, when saving a PDF in an online environment, it will automatically add the verification information for all signatures applied to that PDF.

However, in the PDF saving process that occurs when applying a signature, it follows the [Include verification information] setting in “The format that is used to sign the document”.

Format to be used for command line signing

You can set the signature format for applying an digital signature when operating this product from the command line.

PKCS#7 Profile(Standard Signature)

Signature format: PKCS#7 profile

Include a signature timestamp in signature data: Off

Include verification information: Off

PKCS#7 Profile(PAdES-Basic)

Signature format: PKCS#7 profile

Include a signature timestamp in signature data: Follow the setting in “The format that is used to sign the document”.

Include verification information: Follow the setting in “The format that is used to sign the document”.

CAdES Profile(PAdES-Enhanced)

Signature format: CAdES profile

Include a signature timestamp in signature data: Follow the setting in “The format that is used to sign the document”.

Include verification information: Follow the setting in “The format that is used to sign the document”.

DocTimeStamp Document timestamp only

Others

Signatories to be used

You can specify the information to be recorded as the signatory in the signature from the following:

  • Certificate subject
  • Signatory
Reason

You can select the information to be described as the signature reason from the dropdown.

You can also enter text directly.

Location You can enter the information to be described as the signature location.

Verification

Professional Standard Viewer Professional(TS)

Verify signature revocation status

If you check this, when verifying a signature with this product, the revocation status of the certificate used will also be the subject of verification.

Also, when applying a signature, the revocation verification of the certificate to be used is performed.

Verify signatures when opening PDFs

If you check this, signatures in a PDF are verified upon opening the document with this product.

The verification result is displayed on the status bar.

Please check the details of the verification result from [Verification] in the [Signature/Seal] menu as usual.

Verification settings

Set signature verification.

Specify the vertification method.

If you check this, verification will be performed using the method specified here, regardless of the format of the signature.

Please note that depending on the combination of the signature method and the verification method, it may not be possible to verify correctly.

Verification operation

Specific validation methods are designated depending upon the type of PDF file signature.

Select what should be done if that validation method cannot be used for this product.

Use the default method, if the specified method in the document is not available.

Use the "SKYCOM Standard Signature" or "SKYCOM LegalSign Signature" instead.

Display warning, if the specified method in the document is not available. Use the default validation method instead or display a warning message. 
Time to be used to verify signature

The signature validation includes a validation of the signature certificate.

Even if the relevant certificate has already expired and is no longer valid, it may have been valid at the time of the signing.

Time of the signature creation

If guranteed time stamp is added to signature, the date and time becom stanrad.

If time stamp is not added, the verififation date of certificate become standard.

When signature does not have both these, the date of signature creation become stanrad.

Guaranteed time stamp embedded in the signature

If the signature is accompanied by a certified time stamp, such time and date will be the reference.

Otherwise, the current time and date will be the reference.

Current time The current time and date will be the reference, regardless of whether or not there is a time stamp.
Use the guaranteed time embedded in the time stamp or signature even if the certificate of the time stamp is expired. In addition to the signature, the time stamp also has its expiration date. Check this option if you wish to use it as the reference time and date even if it has expired. This will be invalid if you select "Current time".